Re: About valid and invalid user names
On Sun, 06 Feb 2005 18:06:17 +0200, Petri Latvala
<adrinael@nuclearzone.org> wrote:
>On Sun, 2005-02-06 at 12:15 +0100, Marc Haber wrote:
>> By default, adduser will verify the user against a configurable
>> regexp, default being the most conservative ^[a-z][a-z0-9\-]*$. The
>> --force-badname option will change the regexp to a hardcoded
>> ^[-\._A-Za-z0-9]*\$?$, allowing users to happily hang themselves. This
>> gives the somewhat funny situation that the default can be configured
>> to be less restrictive than --force-badname, but I doubt that it would
>> be sensible to have --force-badname turn off all checks.
>
>How about adding an additional check to the code path without
>--force-badname that checks that the username is a valid POSIX username.
>That is, make it check against the configurable regexp only when
>--force-badname is not given, and against the hardcoded one in both
>occasions. This would avoid the "funny situation" and not break any
>POSIX-following tools.
Nice idea.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
Reply to: